On Linear Hulls and Trails in Simon
Authors
Abstract
The block cipher Simon has a very simple round function. This simplicity allows us to compute the correlation matrix of the round function. Despite its simplicity, Simon exhibits some very interesting phenomena with respect to linear cryptanalysis. The combination of an expanding linear function and a compressing nonlinear function creates one-round hulls. These hulls complicate the estimation of the correlation contribution of trails as well as the potential of linear hulls, and they cause difficulties for the commonly used methods of estimating a cipher's security against linear cryptanalysis. Finally, because most hulls contain many trails with similar correlation contributions, we can demonstrate erratic behaviour of Matsui's Algorithm 1 when applied in the default way. We also show how Algorithm 1 can be adapted to this situation to recover multiple key bits.
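The one-round hulls the abstract describes can be seen directly on the Simon round function, whose output bit i is x[i-1] & x[i-8] ^ x[i-2]: the rotations expand x into pairs of gate inputs, and the bitwise AND compresses them again, so two active gates can share an input bit and several trails then land on the same input mask. The script below is an added illustration, not code from the paper (which works with correlation matrices rather than brute force). It assumes the Simon32 word size of 16 bits and the rotation amounts 1, 8 and 2 from the Simon specification; the output masks used in the demo are chosen by hand for illustration. It enumerates every one-round trail for a given output mask, groups the trails by input mask, and checks the trail sums against the exact correlation computed over all 2^16 inputs.

```python
"""One-round linear hulls in the Simon32 round function: trail sums vs. exact correlation."""
from collections import defaultdict
from itertools import product

N = 16                          # word size of Simon32 (assumption: smallest Simon variant)
MASK = (1 << N) - 1
ROT_A, ROT_B, ROT_C = 1, 8, 2   # rotation amounts of the Simon round function


def rotl(x, r):
    """Rotate an N-bit word left by r."""
    r %= N
    return ((x << r) | (x >> (N - r))) & MASK


def simon_f(x):
    """Simon round function f(x) = (S^1(x) & S^8(x)) ^ S^2(x)."""
    return (rotl(x, ROT_A) & rotl(x, ROT_B)) ^ rotl(x, ROT_C)


def parity(v):
    """Parity of the bits of v (inner product of a mask and a value, once ANDed)."""
    return bin(v).count("1") & 1


def exact_correlation(alpha, beta):
    """Correlation of alpha.x ^ beta.f(x), computed over all 2^N inputs."""
    total = 0
    for x in range(1 << N):
        total += 1 - 2 * parity((alpha & x) ^ (beta & simon_f(x)))
    return total / (1 << N)


# Correlation of one AND gate z = a & b with output mask 1, for each input mask
# (m_a, m_b). A trail picks one of these four choices per active gate.
GATE_COR = {(0, 0): 0.5, (1, 0): 0.5, (0, 1): 0.5, (1, 1): -0.5}


def trails(beta):
    """Enumerate all one-round trails with output mask beta.

    The S^2 term is linear, so bits rotr(beta, 2) of alpha are forced; each active
    AND gate x[i-1] & x[i-8] adds one of four input-mask choices. Returns
    {alpha: [trail correlations]}: several trails on the same alpha form a hull.
    """
    active = [i for i in range(N) if (beta >> i) & 1]
    hull = defaultdict(list)
    for choice in product(GATE_COR, repeat=len(active)):
        alpha = rotl(beta, N - ROT_C)          # mask bit i -> x[i-2]
        cor = 1.0
        for i, (m_a, m_b) in zip(active, choice):
            if m_a:
                alpha ^= 1 << ((i - ROT_A) % N)
            if m_b:
                alpha ^= 1 << ((i - ROT_B) % N)
            cor *= GATE_COR[(m_a, m_b)]
        hull[alpha].append(cor)
    return dict(hull)


def hull_correlation(alpha, beta):
    """Sum of the contributions of all trails from alpha to beta."""
    return sum(trails(beta).get(alpha, []))


def hull_matches_exact(beta):
    """True if trail sums equal the brute-force correlation for every reachable alpha."""
    return all(abs(sum(cors) - exact_correlation(alpha, beta)) < 1e-12
               for alpha, cors in trails(beta).items())


if __name__ == "__main__":
    # Output bits 8 and 15 select the gates x7&x0 and x14&x7, which share x7:
    # this is where one-round hulls, including exact cancellation, appear.
    beta = (1 << 8) | (1 << 15)
    for alpha, cors in sorted(trails(beta).items()):
        print(f"alpha={alpha:04x}  trails={cors}  sum={sum(cors):+.3f}  "
              f"exact={exact_correlation(alpha, beta):+.3f}")
```

With a single active output bit (beta = 0x0100) every input mask is reached by exactly one trail, so the trail correlation is the true correlation. With beta = 0x8100 the two gates share x7: the mask 0x20C0 is reached by two trails of 1/4 each (true correlation 1/2, twice what either trail predicts), and the mask 0x20C1 by trails of +1/4 and -1/4 that cancel to a true correlation of 0. A single-trail estimate would be wrong by a factor of two in the first case and infinitely in the second, which is the estimation problem the abstract refers to. The enumeration is exponential in the Hamming weight of beta, so it is only a teaching aid, not a substitute for the correlation-matrix approach.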
Related papers
The Security of SIMON-like Ciphers Against Linear Cryptanalysis
In the present paper, we analyze the security of SIMON-like ciphers against linear cryptanalysis. First, an upper bound is derived on the squared correlation of the SIMON-like round function. It is shown that this upper bound decreases as the Hamming weight of the output mask increases. Based on this, we derive an upper bound on the squared corr...
Improved Linear Trails for the Block Cipher Simon
Simon is a family of block ciphers designed by the NSA and published in 2013. Due to their simple structure and the fact that the specification lacked security design rationale, the ciphers have been the subject of much cryptanalytic work, especially using differential and linear cryptanalysis. We improve previously published linear trail bias estimations by presenting a novel method to calcula...
On Linear Hulls and Trails
Abstract. This paper improves the understanding of linear cryptanalysis by highlighting some previously overlooked aspects. It shows that linear hulls are sometimes formed already in a single round, and that overlooking such hulls may lead to a wrong estimation of the linear correlation, and thus of the data complexity. It shows how correlation matrices can be used to avoid this, and provides a...
Improved Linear Cryptanalysis of Reduced-Round SIMON-32 and SIMON-48
In this paper we analyse two variants of the SIMON family of lightweight block ciphers against linear cryptanalysis and present the best linear cryptanalytic results on these reduced-round SIMON variants to date. We propose a time-memory trade-off method that finds differential/linear trails for any permutation allowing low-Hamming-weight differential/linear trails. Our method combines low Hamm...
Automatic Search of Linear Trails in ARX with Applications to SPECK and Chaskey
In this paper, we study linear cryptanalysis of the ARX structure by means of automatic search. To evaluate the security of ARX designs against linear cryptanalysis, it is crucial to find (round-reduced) linear trails with maximum correlation. We model the problem of finding optimal linear trails by the boolean satisfiability problem (SAT), translate the propagation of masks through ARX operati...
Journal: IACR Cryptology ePrint Archive
Volume: 2016
Issue: -
Pages: -
Publication date: 2016